OpenSSH has enabled post-quantum cryptography by default in OpenSSH 9 and introduced the hybrid Streamlined NTRU Prime + x25519 key exchange method, in an effort to better protect against future quantum attacks as well as any future vulnerabilities in NTRU Prime, ZDNet reports.
"The combination ensures that the hybrid exchange offers at least as good security as the status quo. We are making this change now (i.e. ahead of cryptographically-relevant quantum computers) to prevent 'capture now, decrypt later' attacks where an adversary who can record and store SSH session ciphertext would be able to decrypt it once a sufficiently advanced quantum computer is available," said the release notes.
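The default only protects a session when both endpoints actually negotiate the hybrid method. The following added example (not code from OpenSSH or the ZDNet report) audits which key exchange a client/server pair would select. It assumes the hybrid method's OpenSSH algorithm name is `sntrup761x25519-sha512@openssh.com` and that the inputs look like `ssh -G <host>` or `sshd -T` output; the sample dumps and function names are constructed for illustration.

```python
from typing import List, Optional, Tuple

# Assumption: OpenSSH's algorithm name for the hybrid NTRU Prime + x25519 method.
HYBRID_KEX = "sntrup761x25519-sha512@openssh.com"

def kex_list(config_dump: str) -> List[str]:
    """Extract the KexAlgorithms preference list from `ssh -G` / `sshd -T` style output."""
    for line in config_dump.splitlines():
        key, _, value = line.strip().partition(" ")
        if key.lower() == "kexalgorithms":
            return [alg for alg in value.strip().split(",") if alg]
    return []

def negotiate(client: List[str], server: List[str]) -> Optional[str]:
    """RFC 4253 section 7.1 rule, simplified: the first algorithm in the client's
    list that the server also offers (host key compatibility is ignored here)."""
    return next((alg for alg in client if alg in server), None)

def audit(client_dump: str, server_dump: str) -> Tuple[Optional[str], str]:
    """Return (negotiated kex, status) for one client/server pair."""
    chosen = negotiate(kex_list(client_dump), kex_list(server_dump))
    if chosen is None:
        return None, "no-common-kex"
    # A classical-only result means recorded traffic stays exposed to
    # 'capture now, decrypt later'.
    return chosen, "hybrid" if chosen == HYBRID_KEX else "classical-only"

# Constructed sample dumps (not captured from real hosts).
CLIENT_DEFAULT = ("user admin\n"
                  "kexalgorithms sntrup761x25519-sha512@openssh.com,"
                  "curve25519-sha256,ecdh-sha2-nistp256\n")
CLIENT_PINNED = ("kexalgorithms curve25519-sha256,"
                 "sntrup761x25519-sha512@openssh.com\n")
SERVER_NEW = ("port 22\n"
              "kexalgorithms sntrup761x25519-sha512@openssh.com,"
              "curve25519-sha256,ecdh-sha2-nistp256\n")
SERVER_OLD = ("port 22\n"
              "kexalgorithms curve25519-sha256,ecdh-sha2-nistp256,"
              "diffie-hellman-group14-sha256\n")

if __name__ == "__main__":
    pairs = {"default client -> new server": (CLIENT_DEFAULT, SERVER_NEW),
             "default client -> old server": (CLIENT_DEFAULT, SERVER_OLD),
             "pinned client -> new server": (CLIENT_PINNED, SERVER_NEW)}
    for name, (c, s) in pairs.items():
        print(name, audit(c, s))
```

The pinned-client case shows that a locally overridden `KexAlgorithms` order can still select a classical method even when both sides support the hybrid one.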
OpenSSH also addressed several bugs as part of the new release. The development comes after the NATO Cyber Security Centre held a quantum-proof network test run last month. "The trial started in March 2021. The trial was completed in early 2022. Quantum computing is becoming more and more affordable, scalable and practical. The threat of 'harvest now, decrypt later' is one all organizations, including NATO, are preparing to respond to," said NCSC Principal Scientist Konrad Wrona.